scchost.exe - Dangerous
scchost.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
Also has backdoor capabilities that give a hacker access to infected computer.
Also Known as Backdoor.SdBot.gen
Copies itself as %System%\Scchost.exe.
Adds the registry value: "Services Host"="Scchost.exe"
to the registry keys: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
If the filename of the worm is not scchost.exe, the program will kill itself and start scchost.exe as a service.
Attempts to spread using the following file shares:
Administrator
Guest
Owner
If a connection is made, the worm copies itself to the following folders:
Winnt\Profiles\All Users\Start Menu\Programs\Startup
Windows\Start Menu\Programs\Startup
Documents and Settings\All Users\Start Menu\Programs\Startup
Connects to a specific IRC server and joins a specific channel to accept instructions from the hacker:
Flooding a specified host
Downloading a file from the hacker
Executing a file
Use RegRun Startup Optimizer to remove it from startup.